CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-0628

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.4%

CVSS Severity

CVSS v2 Score 5.0

References

http://secunia.com/advisories/39023
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
http://www.kb.cert.org/vuls/id/839413
http://www.securityfocus.com/archive/1/510281/100/0/threaded
http://www.securityfocus.com/bid/38904
http://www.ubuntu.com/usn/USN-916-1
https://bugzilla.redhat.com/show_bug.cgi?id=566258
http://secunia.com/advisories/39023
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
http://www.kb.cert.org/vuls/id/839413
http://www.securityfocus.com/archive/1/510281/100/0/threaded
http://www.securityfocus.com/bid/38904
http://www.ubuntu.com/usn/USN-916-1
https://bugzilla.redhat.com/show_bug.cgi?id=566258

Products affected by CVE-2010-0628

Mit » Kerberos 5 » Version: 1.7

cpe:2.3:a:mit:kerberos_5:1.7
Mit » Kerberos 5 » Version: 1.7.1

cpe:2.3:a:mit:kerberos_5:1.7.1
Mit » Kerberos 5 » Version: 1.8

cpe:2.3:a:mit:kerberos_5:1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-0628

Products

Pricing

Contact Us